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DETAILED ACTION 

1. Claims 1 - 11 are pending. 

Response to Arguments 

2. Applicant's arguments filed 12/14/2007 have been fully considered but they are 
not persuasive. 

3. Applicant argues that Ozzie in view of Wang fails to teach at the time of enrolling 
said user to said system assigning an identification code to said user and storing the 
assigned identification code at the authorisation centre, assigning a symbol set 
selection algorithm to said user and storing the assigned symbol set selection algorithm 
at the authorisation centre in association with the identification code of the user, wherein 
the symbol set selection algorithm being a list of instructions how a predetermined 
number of graphic symbols can be generated from a table of graphic symbols, wherein 
each graphic symbol is characterised by a predetermined number of dominant features 
and each dominant feature can take a number of values and at the time when said user 
presenting himself at the remote location for obtaining access displaying for said user 
on said remote terminal a table of a predetermined number of randomly chosen different 
graphic symbols so that the user can apply the assigned symbol set algorithm for 
generating a predetermined number of generated symbols, forwarding said generated 
symbols to said authorisation centre, forwarding said user identification code from the 
remote terminal to the authorisation centre, at the authorisation centre using the 
received identification code and reproducing said generated symbols by using the 
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symbol selection algorithm associated with the identified user and comparing the locally 
reproduced response symbols with the ones received from the remote terminal, and 
providing access to said user only if the received and generated symbols being 
identical. Examiner respectfully disagrees. As per claim 1 , Ozzie teaches assigning an 
identification code to said user and storing the assigned identification code at the 
authorization centre (Ozzie, Col. 5 Lines 25 - 27, assigning ID codes for a user), 
assigning a symbol set selection algorithm to said user and storing the assigned symbol 
set selection algorithm at the authorization centre in association with the identification 
code of the user (Ozzie, Col. 5 Lines 29 - 32, Code selected for unique graphical 
pattern) wherein the symbol set selection algorithm being a list of instructions how a 
predetermined number of graphic symbols can be generated from a table of graphic 
symbols (Ozzie, Col. 4 Lines 56 - 67, pool of icons), wherein each graphic symbol is 
characterized by a predetermined number of dominant features and each dominant 
feature can take a number of values (Ozzie, Col. 4 Lines 26 - 37), a table of a 
predetermined number of randomly chosen different graphic symbols so that the user 
can apply the assigned symbol set algorithm for generating a predetermined number of 
generated symbols (Ozzie, Co. 4 Lines 49 - 67), but fails to teach displaying for said 
user on said remote terminal and forwarding said generated symbols to said 
authorization centre, forwarding said user identification code from the remote terminal to 
the authorization centre, at the authorisation centre using the received identification 
code and reproducing said generated symbols by using the symbol selection algorithm 
associated with the identified user and comparing the locally reproduced response 
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symbols with the ones received from the remote terminal, and providing access to said 
user only if the received and generated symbols being identical. However, in an 
analogous art Wang teaches displaying for said user on said remote terminal and 
forwarding said generated symbols to said authorization centre, forwarding said user 
identification code from the remote terminal to the authorization centre, at the 
authorisation centre using the received identification code and reproducing said 
generated symbols by using the symbol selection algorithm associated with the 
identified user and comparing the locally reproduced response symbols with the ones 
received from the remote terminal, and providing access to said user only if the received 
and generated symbols being identical (Wang, Paragraph 0016, password input 
remotely and password then validated). Ozzie's invention maybe more complicated but 
still teaches all the limitations listed in claim 1 . Applicant argues that the claimed 
invention has a table of a predetermined number of randomly chosen different graphic 
symbols so that the user can apply the assigned symbol set algorithm for generating a 
predetermined number of generated symbols, where the random graphics are different 
for every user. However, Ozzie shows in Col. 4 lines 49 - 67, that there are several 
different parsed group of graphics are user will or users will see to select an icon as part 
of the password. One of ordinary skill in the art would know that parsing a pool of icons 
into several different groups would create a random affect since there can be a great 
number of groups with different sets of icons. Applicant is arguing that the claimed 
invention is a single access to the user. However, no where in the claims does the 
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invention even hint or suggest that the invention is a single access system. Thus the 
argument made regarding that is moot, since it is not in the claim language. 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1 - 8 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ozzie et al. U.S. Patent No. (5,664,099), in view of Wang et al. U.S. PG-Publication No. 
(2002/0023215). 

6. As per claim 1 , Ozzie teaches assigning an identification code to said user and 
storing the assigned identification code at the authorization centre (Ozzie, Col. 5 Lines 
25 - 27, assigning ID codes for a user), assigning a symbol set selection algorithm to 
said user and storing the assigned symbol set selection algorithm at the authorization 
centre in association with the identification code of the user (Ozzie, Col. 5 Lines 29 - 32, 
Code selected for unique graphical pattern) wherein the symbol set selection algorithm 
being a list of instructions how a predetermined number of graphic symbols can be 
generated from a table of graphic symbols (Ozzie, Col. 4 Lines 56 - 67, pool of icons), 
wherein each graphic symbol is characterized by a predetermined number of dominant 
features and each dominant feature can take a number of values (Ozzie, Col. 4 Lines 
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26 - 37), a table of a predetermined number of randomly chosen different graphic 
symbols so that the user can apply the assigned symbol set algorithm for generating a 
predetermined number of generated symbols (Ozzie, Co. 4 Lines 49 - 67), but fails to 
teach displaying for said user on said remote terminal and forwarding said generated 
symbols to said authorization centre, forwarding said user identification code from the 
remote terminal to the authorization centre, at the authorisation centre using the 
received identification code and reproducing said generated symbols by using the 
symbol selection algorithm associated with the identified user and comparing the locally 
reproduced response symbols with the ones received from the remote terminal, and 
providing access to said user only if the received and generated symbols being 
identical. However, in an analogous art Wang teaches displaying for said user on said 
remote terminal and forwarding said generated symbols to said authorization centre, 
forwarding said user identification code from the remote terminal to the authorization 
centre, at the authorisation centre using the received identification code and 
reproducing said generated symbols by using the symbol selection algorithm associated 
with the identified user and comparing the locally reproduced response symbols with the 
ones received from the remote terminal, and providing access to said user only if the 
received and generated symbols being identical. However, in an analogous art Wang 
teaches (Wang, Paragraph 0016, password input remotely and password then 
validated). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Wang's Electronic transactions system with Ozzie's 
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method for establishing a protected channel between a user and computer system 
because it offers the advantage of eliminating security risks user encounter with 
electronic transactions (Wang, Paragraph 0002). 

7. As per claim 2, Ozzie teaches user identification code being also a 
predetermined number of said graphic symbols selectable from said displayed set of 
graphic symbols (Ozzie, Col. 5 Lines 24 - 32). 

8. As per claim 3, Ozzie teaches displaying step showing to said user on said 
remote terminal respective lists associated with each of said features, each list 
comprising in a consecutive order all variations of the feature concerned, and allowing 
for said user to select from said lists in association with every generated symbol (Ozzie, 
Co. 4 Lines 49 - 67). 

9. As per claim 4, Ozzie teaches features being the shape, the colour and a number 
written on each of said symbols (Ozzie, Figures 2A, 2B and 2C). 

1 0. As per claim 5, Ozzie teaches symbol set generating algorithm comprises 
selection criteria of features (Ozzie, Co. 4 Lines 49 - 67). 

11. As per claim 6, Ozzie teaches symbol set generating algorithm comprises 
selection and modification criteria of said features (Ozzie, Co. 4 Lines 49 - 67). 

12. As per claim 7, Ozzie teaches the step of carrying out a transformation on said 
generated symbols to obtain a longer sequence of characters, defined as cryptographic 
key, before being forwarded from said remote terminal to said authorisation centre, and 
in said authorisation centre using the same transformation, and in said comparing step 
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comparing said transformed versions of the generated and reproduced symbols (Ozzie, 
Col. 4 Lines 43-48). 

13. As per claim 8, Ozzie teaches communication between said remote terminal and 
said authorisation centre the transmittal of the identification code and the identification 
of the user at the authorisation centre preceding said displaying step, and in said 
displaying step constructing said table of graphic symbols in the knowledge of said 
symbol set generating algorithm associated with the particular user so that said 
algorithm becomes always applicable (Ozzie, Col. 5 Lines 24 - 32). 

14. Claims 9-11 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Ozzie et al. U.S. Patent No. (5,664,099) and Wang et al. U.S. PG-Publication No. 
(2002/0023215) and in view of Patzer et al. U.S. Patent No. (6,732,270). 

1 5. As per claim 9, Ozzie teaches carrying out a transformation on said generated 
symbols to obtain a longer sequence of characters, defined as cryptographic key 
(Ozzie, Col. 4 Lines 43 - 48), but fails to teach before being forwarded from said remote 
terminal to said authorisation centre, using said cryptographic key for encrypting a 
message from said user to the authorisation centre, and in said authorisation centre 
using the same transformation to obtain said cryptographic key, and using said key to 
decrypt the forwarded information, and in said comparing step decrypting the received 
information, and the comparison is regarded positive when the decrypted information 
fulfils certain conditions known to the remote terminal and to the authorisation centre. 
However, in an analogous art Patzer teaches before being forwarded from said remote 
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terminal to said authorisation centre, using said cryptographic key for encrypting a 
message from said user to the authorisation centre, and in said authorisation centre 
using the same transformation to obtain said cryptographic key, and using said key to 
decrypt the forwarded information, and in said comparing step decrypting the received 
information, and the comparison is regarded positive when the decrypted information 
fulfils certain conditions known to the remote terminal and to the authorisation centre 
(Patzer, Col. 4 Lines 46 - 55 and Claim 1). 

At the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to use Patzer's method to authenticate a network access server 
to an authentication server with Ozzie's method for establishing a protected channel 
between a user and computer system because it offers the advantage of preventing 
unauthorized access to a system. 

16. As per claim 1 0, Ozzie a modified teaches step of carrying out a transformation 
on said generated symbols to obtain a longer sequence of characters, defined as 
cryptographic key and carrying out a still another transformation on said generated 
symbols to obtain a unique cryptographic algorithm (Ozzie, Col. 4 Lines 43 - 48), before 
being forwarded from said remote terminal to said authorisation centre, using said 
cryptographic key and said unique cryptographic algorithm for encrypting a message 
from said user to the authorisation centre, and in said authorisation centre using the 
same transformation to obtain said cryptographic key and said cryptographic algorithm, 
and using said key and said algorithm to decrypt the forwarded information, and in said 
comparing step decrypting the received information, and the comparison is regarded 
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positive when the decrypted information fulfils certain conditions known to the remote 
terminal and to the authorisation centre (Patzer, Col. 4 Lines 46 - 55 and Claim 1). 

1 7. As per claim 1 1 , Ozzie as modified teaches the step of creating a digital 
fingerprint (message authentication code, MAC) from the message of the user with the 
help of a one way hash function, encrypting the digital fingerprint using the said 
cryptographic key and unique cryptographic algorithm, forwarding from said remote 
terminal to said authorisation centre the message and the encrypted digital fingerprint, 
in said authorisation centre creating a digital fingerprint (message authentication code, 
MAC) from the message received from the user and using the same transformation to 
obtain said cryptographic key and said cryptographic algorithm, and using said key and 
said algorithm to decrypt the digital fingerprint forwarded with the message and in said 
comparing step decrypting the received digital fingerprint and the comparison is 
regarded positive when the decrypted digital fingerprint and the digital fingerprint 
created in the authorisation centre are identical (Patzer, Col. 4 Lines 46 - 55 and Claim 
1)- 

Conclusion 

18. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

1 9. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

20. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Roderick Tolentino whose telephone number is (571) 
272-2661 . The examiner can normally be reached on Monday - Friday 9am to 5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Roderick Tolentino 

Examiner 

Art Unit 2134 
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Roderick Tolentino 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2134 



